07-15-2010 03:31 AM - edited 03-10-2019 05:15 PM
Hi,
Just wisht to ask what is the default encryption used by ASA when exchanging username/password with a radius server (Windows server). And is there a way to change the encryption (3des to aes-128)?
Thanks.
Solved! Go to Solution.
07-15-2010 05:40 AM
RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.
To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.
I hope it helps.
PK
.
07-15-2010 05:40 AM
RADIUS as a protocol uses an MD5 based "hiding" mechanism to encrypt the password attributes. It is a well known issue with that communication.
To make sure that traffic is encrypted I believe the best thing to do is to establish a IPSec tunnel between the server and the authenticating devices.
I hope it helps.
PK
.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide